TY - GEN
T1 - Formally verified invariants of vote counting schemes
AU - Verity, Florrie
AU - Pattinson, Dirk
N1 - Publisher Copyright:
© 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2017/1/30
Y1 - 2017/1/30
N2 - The correctness of ballot counting in electronically held elections is a cornerstone for establishing trust in the final result. Vote counting protocols in particular can be formally specified by as systems of rules, where each rule application represents the effect of a single action in the tallying process that progresses the count. We show that this way of formalising vote counting protocols is also particularly suitable for (formally) establishing properties of tallying schemes. The key notion is that of an invariant: properties that transfer from premiss to conclusion of all vote counting rules. We show that the rule-based formulation of tallying schemes allows us to give transparent formal proofs of properties of the respective scheme with relative ease. As our proofs are based on the specification of vote counting protocols, rather than a program that implements them, we are guaranteed that the property holds for every possible specification-confirming implementation of the respective protocol. This in particular includes the vote counting programs that are automatically extracted from the specification. We demonstrate this point by means of two examples: The monotonicity criterion for majority (first-past-the-post) voting, and the majority criterion for a simple version of single transferable vote.
AB - The correctness of ballot counting in electronically held elections is a cornerstone for establishing trust in the final result. Vote counting protocols in particular can be formally specified by as systems of rules, where each rule application represents the effect of a single action in the tallying process that progresses the count. We show that this way of formalising vote counting protocols is also particularly suitable for (formally) establishing properties of tallying schemes. The key notion is that of an invariant: properties that transfer from premiss to conclusion of all vote counting rules. We show that the rule-based formulation of tallying schemes allows us to give transparent formal proofs of properties of the respective scheme with relative ease. As our proofs are based on the specification of vote counting protocols, rather than a program that implements them, we are guaranteed that the property holds for every possible specification-confirming implementation of the respective protocol. This in particular includes the vote counting programs that are automatically extracted from the specification. We demonstrate this point by means of two examples: The monotonicity criterion for majority (first-past-the-post) voting, and the majority criterion for a simple version of single transferable vote.
UR - http://www.scopus.com/inward/record.url?scp=85014955067&partnerID=8YFLogxK
U2 - 10.1145/3014812.3014845
DO - 10.1145/3014812.3014845
M3 - Conference contribution
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the Australasian Computer Science Week Multiconference, ACSW 2017
PB - Association for Computing Machinery
T2 - 2017 Australasian Computer Science Week Multiconference, ACSW 2017
Y2 - 31 January 2017 through 3 February 2017
ER -